API keys
Issue workspace-scoped keys so connected runtimes stay attributable to the right workspace boundary.
Use this page when
Read this page when you need a runtime, bridge, or governed import to send work into a specific workspace.
What keys do in OSuite
API keys are not just transport credentials. They attach incoming requests to a workspace boundary so approvals, receipts, and exports remain attributable.
Before you create a key
Decide these three things first:
- which workspace the key belongs to
- which environment it is for
- who rotates and revokes it
Good key posture
- one workspace per key
- clear environment separation
- named ownership
- predictable rotation
- no hidden shared credentials
What success looks like
A good key setup makes it obvious which workspace owns an incoming request and which team should investigate a problem.
Common mistakes
- reusing one key across multiple workspaces
- leaving staging and production on the same credential
- creating keys without a named owner